Log analysis and evaluation: Infected .doc file opened

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Infected .doc file opened

Hello everyone,

yesterday I received an e-mail that had a name known to me as the sender and contained a .doc file as an attachment. Since I am always very suspicious of e-mail attachments, I uploaded it to VirusTotal beforehand and did not get a single hit. After opening it with Word 2013, only cryptic combinations of numbers and letters were displayed. In the meantime there are several hits on VirusTotal.

https://www.virustotal.com/de/file/5c051968bc3f8b2be087fcbffd7a43a68d8a52c56251df36758e7ffc20bf0f28/analysis/1431785430/

Apparently the document is a macro virus; in the Word 2013 settings the option was set to "Disable all macros with notification". So in my opinion not too much should have happened; nevertheless it would be nice if someone could take a look at it.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:17 on 16/05/2015 (xX2119Xx)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02 Ran by xX2119Xx (administrator) on MATTHIAS-PC on 16-05-2015 16:18:47 Running from C:\Users\xX2119Xx\Downloads Loaded Profiles: xX2119Xx (Available profiles: xX2119Xx) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sandboxie Holdings, LLC) C:\Program Files (x86)\Sandboxie\SbieSvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Samsung Electronics.) 
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (AppWork GmbH) C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\JDownloader2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Ellanet Ltd) C:\Users\xX2119Xx\Desktop\prg\Move Mouse.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO) HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\MountPoints2: D - "D:\dvdcheck.exe" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\MountPoints2: {ee7b7feb-f788-11e4-82da-bcee7b2b66d7} - "G:\start.exe" /auto AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-09] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-09] (NVIDIA Corporation) Startup: C:\Users\xX2119Xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-4255755958-1389709673-710600270-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-07] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-05] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-07] (Oracle Corporation) DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Handler: AutorunsDisabled - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation) Handler-x32: AutorunsDisabled - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-14] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL No File FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-14] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-10-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL 
[2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-4255755958-1389709673-710600270-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-10-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) 
FF Extension: WOT - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-10] FF Extension: ZenMate Security & Privacy VPN - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\firefox@zenmate.com.xpi [2014-11-09] FF Extension: Video DownloadHelper - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-17] FF Extension: Adblock Plus - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-08] FF Extension: QuickJava - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-11-30] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-04-25] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-04-01] (Adobe Systems) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation) R2 SbieSvc; C:\Program Files (x86)\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows 
Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2014-02-13] (ASUS Corporation) R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2014-04-01] (AVM Berlin) U0 bieg; C:\Windows\System32\drivers\piyvxirq.sys [79064 2015-05-15] (Malwarebytes Corporation) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-08] (Disc Soft Ltd) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-16] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows (R) Win 7 DDK provider) R3 SbieDrv; C:\Program Files (x86)\Sandboxie\SbieDrv.sys [237064 2015-02-18] 
(Sandboxie Holdings, LLC) R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - ) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-05-24] () S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-16 16:18 - 2015-05-16 16:18 - 02107392 _____ (Farbar) C:\Users\xX2119Xx\Downloads\FRST64.exe 2015-05-16 16:18 - 2015-05-16 16:18 - 00019515 _____ () C:\Users\xX2119Xx\Downloads\FRST.txt 2015-05-16 16:18 - 2015-05-16 16:18 - 00000000 ____D () C:\FRST 2015-05-16 16:17 - 2015-05-16 16:17 - 00050477 _____ () C:\Users\xX2119Xx\Downloads\Defogger.exe 2015-05-16 16:17 - 2015-05-16 16:17 - 00000478 _____ () C:\Users\xX2119Xx\Downloads\defogger_disable.log 2015-05-16 16:17 - 2015-05-16 16:17 - 00000000 _____ () C:\Users\xX2119Xx\defogger_reenable 2015-05-16 15:38 - 2015-05-16 15:38 - 01560576 _____ (KC Softwares ) C:\Users\xX2119Xx\Downloads\sumo_lite.exe 2015-05-15 17:01 - 2015-05-15 17:01 - 00001316 _____ () C:\Users\xX2119Xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk 2015-05-15 17:01 - 2015-05-15 17:00 - 00001093 _____ () C:\Users\xX2119Xx\Desktop\Kaspersky Security Scan.lnk 2015-05-15 17:00 - 2015-05-15 17:00 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-05-15 17:00 - 2015-05-15 17:00 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-05-15 16:59 - 2015-05-15 16:59 - 00416576 _____ (Kaspersky Lab) C:\Users\xX2119Xx\Downloads\de-de.setup.exe 2015-05-15 14:56 - 2015-05-15 14:56 - 
00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\piyvxirq.sys 2015-05-15 14:22 - 2015-05-15 14:27 - 00000000 ____D () C:\AdwCleaner 2015-05-15 14:21 - 2015-05-15 14:22 - 02209792 _____ () C:\Users\xX2119Xx\Downloads\adwcleaner_4.204.exe 2015-05-14 16:43 - 2015-05-14 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-05-14 16:43 - 2015-05-14 16:43 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2015-05-14 15:58 - 2015-05-14 15:58 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\Program Files\iTunes 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\Program Files\iPod 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-05-14 15:55 - 2015-05-14 15:55 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\openvr 2015-05-13 00:41 - 2015-05-14 15:33 - 00000000 ____D () C:\Users\xX2119Xx\Documents\Steuer-Sparbuch 2015-05-13 00:30 - 2015-05-13 00:41 - 00000593 _____ () C:\Windows\wiso.ini 2015-05-13 00:30 - 2015-05-13 00:34 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Buhl 2015-05-13 00:29 - 2015-05-13 00:30 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2015-05-13 00:29 - 2015-05-13 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 2015-05-13 00:29 - 2015-05-13 00:29 - 00000000 ____D () C:\Program Files (x86)\WISO 2015-05-11 21:23 - 2015-05-15 00:32 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\CyberGhost 2015-05-11 21:23 - 2015-05-13 00:42 - 00001784 _____ () C:\Users\xX2119Xx\Desktop\CyberGhost 5.lnk 2015-05-11 21:23 - 2015-05-11 21:23 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2015-05-11 21:23 - 2015-05-11 21:23 - 00000000 ____D () C:\Program Files\TAP-Windows 2015-05-11 21:23 - 2015-05-11 21:23 - 00000000 ____D () C:\Program Files\CyberGhost 5 2015-05-09 00:28 - 2015-05-14 16:23 - 00000000 ____D () C:\Program Files\Speccy 2015-05-09 00:28 - 2015-05-09 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2015-05-09 00:03 - 2015-05-09 00:03 - 00000000 ____D () C:\Users\xX2119Xx\Documents\Razer 2015-05-09 00:03 - 2015-05-09 00:03 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Razer_Inc 2015-05-09 00:01 - 2015-05-09 09:53 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Razer 2015-05-09 00:00 - 2015-05-09 09:53 - 00000000 ____D () C:\ProgramData\Razer 2015-05-08 16:29 - 2015-05-08 16:29 - 00000827 _____ () C:\Users\xX2119Xx\Desktop\Grand Theft Auto V.lnk 2015-05-08 12:43 - 2015-05-08 23:44 - 00000000 ____D () C:\Program Files\Rockstar Games 2015-05-07 20:21 - 2015-05-07 20:21 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2015-05-07 20:20 - 2015-05-16 15:49 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0 2015-05-04 12:36 - 2015-05-04 12:36 - 00741031 ____T () C:\Users\xX2119Xx\Desktop\studium.oxps 2015-04-28 12:14 - 2015-04-28 12:14 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\NVIDIA 2015-04-26 14:43 - 2015-04-26 14:43 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\Ellanet 2015-04-25 03:04 - 2015-05-16 15:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-17 06:00 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-17 06:00 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-17 06:00 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-04-17 06:00 - 2015-03-23 23:58 - 01498872 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-17 06:00 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-04-17 06:00 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll 2015-04-17 06:00 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-17 06:00 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-17 06:00 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-04-17 06:00 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-04-17 06:00 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-04-17 06:00 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-04-17 06:00 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2015-04-17 06:00 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2015-04-17 05:57 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-17 05:57 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-17 05:57 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-17 05:57 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-17 05:57 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-17 05:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-17 05:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-17 05:57 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2015-04-17 05:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-17 05:57 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-04-17 05:57 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-04-17 05:57 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-17 05:57 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-17 05:57 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-17 05:57 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-04-17 05:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-17 05:57 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-17 05:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-17 05:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-17 05:57 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-17 05:57 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-17 05:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-17 05:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-17 05:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-17 05:56 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-17 05:56 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 
2015-04-17 05:56 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-17 05:56 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-17 05:56 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-17 05:56 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-17 05:56 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-17 05:56 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-17 05:56 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-17 05:56 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2015-04-17 05:56 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-04-17 05:56 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-17 05:56 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-17 05:56 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-17 05:56 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-17 05:56 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-17 05:56 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-17 05:56 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-17 05:56 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2015-04-17 05:56 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-17 05:56 - 
2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-17 05:56 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-16 16:17 - 2014-03-31 20:35 - 00000000 ____D () C:\Users\xX2119Xx 2015-05-16 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-05-16 15:59 - 2014-04-01 16:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-16 15:52 - 2014-05-17 23:22 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-16 15:50 - 2014-04-03 00:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-16 15:43 - 2014-03-31 20:41 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4255755958-1389709673-710600270-1001 2015-05-16 15:42 - 2014-04-04 19:13 - 01209344 ___SH () C:\Users\xX2119Xx\Desktop\Thumbs.db 2015-05-16 15:24 - 2014-04-05 01:10 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\vlc 2015-05-16 13:48 - 2014-03-31 20:42 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-16 13:48 - 2013-08-23 01:24 - 00765582 _____ () C:\Windows\system32\perfh007.dat 2015-05-16 13:48 - 2013-08-23 01:24 - 00159366 _____ () C:\Windows\system32\perfc007.dat 2015-05-16 12:52 - 2014-05-17 23:22 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-15 17:48 - 2014-04-01 18:57 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-05-15 14:56 - 2014-08-05 16:26 - 00000000 ____D () C:\Windows\de 2015-05-15 14:29 - 2014-05-24 00:16 - 00000062 _____ () C:\Users\xX2119Xx\AppData\Roaming\sp_data.sys 2015-05-15 14:28 - 2014-03-31 20:53 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-05-15 14:28 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-15 14:27 - 
2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-05-15 12:47 - 2014-05-17 23:22 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-15 12:47 - 2014-05-17 23:22 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-15 12:16 - 2014-04-04 23:51 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-05-14 19:53 - 2014-04-02 00:00 - 00000000 ____D () C:\Users\xX2119Xx\Documents\Cross Fire 2015-05-14 19:52 - 2014-10-09 18:46 - 00000000 ____D () C:\Users\xX2119Xx\Documents\HyperCam3 2015-05-14 19:43 - 2014-12-08 00:42 - 00033609 _____ () C:\Windows\system32\energy-report.html 2015-05-14 19:22 - 2014-07-14 03:07 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2015-05-14 16:45 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-05-14 16:42 - 2014-04-23 00:27 - 00206848 ___SH () C:\Users\xX2119Xx\Downloads\Thumbs.db 2015-05-14 16:40 - 2014-09-16 21:48 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Adobe 2015-05-14 16:40 - 2014-04-01 16:54 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-14 16:37 - 2014-11-01 03:16 - 00000000 ____D () C:\Program Files (x86)\Java 2015-05-14 16:37 - 2014-04-09 23:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2015-05-14 16:36 - 2014-04-10 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free 2015-05-14 16:18 - 2014-04-03 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-14 16:18 - 2014-04-03 00:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-14 15:58 - 2014-09-22 18:33 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-05-14 15:50 - 2014-04-01 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo 2015-05-14 15:50 - 2014-04-01 18:20 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo 2015-05-14 15:49 - 2014-04-01 
17:49 - 00000000 ____D () C:\Program Files\CCleaner 2015-05-14 15:47 - 2014-04-01 16:20 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-05-14 15:35 - 2014-05-17 23:22 - 00000000 ____D () C:\Program Files (x86)\Google 2015-05-14 10:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-05-14 09:58 - 2014-06-29 20:57 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\DAEMON Tools Lite 2015-05-14 09:58 - 2014-04-04 17:39 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\CrashDumps 2015-05-13 01:14 - 2014-04-01 18:26 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Deployment 2015-05-13 00:45 - 2014-04-10 14:40 - 00000000 ____D () C:\Users\xX2119Xx\Desktop\pics 2015-05-13 00:29 - 2014-03-31 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-12 15:52 - 2014-07-25 18:28 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-11 20:24 - 2015-02-05 11:19 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-05-09 19:49 - 2014-04-01 18:56 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\Skype 2015-05-09 17:30 - 2014-04-01 18:56 - 00000000 ____D () C:\ProgramData\Skype 2015-05-09 09:52 - 2014-04-01 18:40 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2015-05-09 00:27 - 2014-06-21 14:53 - 00000000 ____D () C:\Windows\Minidump 2015-05-09 00:24 - 2014-04-01 19:01 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\uTorrent 2015-05-08 23:44 - 2014-04-08 14:14 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games 2015-05-08 14:22 - 2015-03-27 12:43 - 00001594 _____ () C:\Windows\Sandboxie.ini 2015-05-08 14:21 - 2014-04-08 22:55 - 00000000 ____D () C:\Users\xX2119Xx\Documents\Rockstar Games 2015-05-08 14:20 - 2014-04-08 21:38 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Rockstar Games 2015-05-07 20:16 - 2014-11-01 03:16 - 00097888 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-05-07 20:16 - 2014-04-01 18:37 - 00000000 ____D () C:\ProgramData\Oracle 2015-05-05 19:59 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-05 19:59 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-01 18:51 - 2014-06-11 12:36 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-05-01 18:51 - 2014-06-10 17:12 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-05-01 18:50 - 2014-06-11 12:36 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-05-01 18:50 - 2014-06-10 17:12 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-04-28 12:19 - 2014-03-31 20:36 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\VirtualStore 2015-04-28 12:13 - 2015-03-19 13:56 - 00000454 _____ () C:\Users\xX2119Xx\.swfinfo 2015-04-26 14:47 - 2014-04-10 16:26 - 00000000 ____D () C:\Users\xX2119Xx\Desktop\prg 2015-04-25 13:16 - 2014-04-01 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-25 04:22 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-20 10:39 - 2014-04-01 16:45 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-20 10:37 - 2014-04-01 16:45 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-19 01:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2015-04-19 00:14 - 2014-04-03 00:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-04-19 00:14 - 2014-04-03 00:23 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-17 05:57 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini 2015-04-17 05:13 - 2014-03-31 20:36 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Packages 2015-04-17 04:39 - 2014-11-12 05:45 - 00017408 _____ (Microsoft Corporation) 
C:\Windows\system32\wuaext.dll ==================== Files in the root of some directories ======= 2014-06-10 17:47 - 2014-06-10 17:47 - 0000021 _____ () C:\Users\xX2119Xx\AppData\Roaming\my_intel.sys 2014-05-24 00:16 - 2015-05-15 14:29 - 0000062 _____ () C:\Users\xX2119Xx\AppData\Roaming\sp_data.sys 2014-10-09 18:46 - 2014-10-09 19:14 - 0003584 _____ () C:\Users\xX2119Xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-25 14:10 - 2014-08-25 14:10 - 0001430 _____ () C:\Users\xX2119Xx\AppData\Local\RecConfig.xml 2014-05-01 20:23 - 2014-05-01 20:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-08-01 00:51 - 2014-08-01 00:51 - 0001534 _____ () C:\ProgramData\ss.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-15 12:39 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02 Ran by xX2119Xx at 2015-05-16 16:19:08 Running from C:\Users\xX2119Xx\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4255755958-1389709673-710600270-500 - Administrator - Disabled) Gast (S-1-5-21-4255755958-1389709673-710600270-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4255755958-1389709673-710600270-1003 - Limited - Enabled) xX2119Xx (S-1-5-21-4255755958-1389709673-710600270-1001 - Administrator - Enabled) => C:\Users\xX2119Xx ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS) ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.8 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0028 - ASUS) Beurer HealthManager (HKLM-x32\...\Beurer HealthManager) (Version: 3.0.0.0 - Beurer Health And Well-Being) Beurer HealthManager (x32 Version: 3.0.0.0 - Beurer Health And Well-Being) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CrossFire - DE (HKLM\...\{F2980ADE-338E-4609-A07F-92F6ECFC94C0}) (Version: 1.0.3.40 - FAME Gaming) CrystalDiskInfo 6.3.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.2 - Crystal Dew World) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd) DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Grand Theft Auto V Digital Deluxe Edition MULTi11 1.0 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition MULTi11 1.0) (Version: - ) Grand Theft Auto V Digital Deluxe Edition Update 4 Version MULTi11 1.0.350.2 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition Update 4 Version MULTi11 1.0.350.2) (Version: - ) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto) Hamsterball 3.6 (HKLM-x32\...\Hamsterball_is1) (Version: - Raptisoft) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) 
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab) Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 3.13.8.262 - KC Softwares) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios) Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - 
Microsoft Corporation) Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - ) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 38.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 de)) (Version: 38.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation) NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation) NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader 
(HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.) Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0017-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{98223B6C-F59E-4928-B553-43605D52ED19}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.) SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.) 
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform) StartIsBack+ (HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartIsBack) (Version: 1.7 - startisback.com) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Steganos Safe 15 (HKLM-x32\...\{D3FB0B73-11DF-41EE-9B6D-C7198079A88E}) (Version: 15.2.1 - Steganos Software GmbH) Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer) TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software) Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version: - Microsoft) Video Download Capture Version 5.0.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 5.0.0 - APOWERSOFT LIMITED) VirusTotal Uploader 2.0 (HKLM-x32\...\VirusTotalUploader2.0) (Version: - ) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows-Treiberpaket - ASUS (ATP) Mouse (01/07/2014 1.0.0.197) (HKLM\...\2BEE838DC3D664A0CAB23AEA0332BB3877ED0685) (Version: 01/07/2014 1.0.0.197 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{D06DEBBB-C19E-48C5-A65E-8FBC2F22C0D6}) (Version: 22.00.8811 - Buhl Data Service GmbH) Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.9 - ZONER software) ==================== Custom CLSID (selected items): 
========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4255755958-1389709673-710600270-1001_Classes\CLSID\{61625667-893E-4707-B925-A82B528C00B9}\InprocServer32 -> C:\Users\xX2119Xx\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com) CustomCLSID: HKU\S-1-5-21-4255755958-1389709673-710600270-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\xX2119Xx\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com) CustomCLSID: HKU\S-1-5-21-4255755958-1389709673-710600270-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\xX2119Xx\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com) CustomCLSID: HKU\S-1-5-21-4255755958-1389709673-710600270-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\xX2119Xx\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com) ==================== Restore Points ========================= 13-05-2015 00:29:19 Installiert WISO Steuer-Sparbuch 2015 14-05-2015 15:35:50 Removed Google Earth Plug-in ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-05-12 19:29 - 2015-05-13 00:32 - 00000990 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {02DD386C-9B6E-4898-9B44-378E850EA6C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => F:\Programme\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {1711415B-2897-4953-B541-54E910DF05FF} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-05-15] () Task: {17FB729E-2B69-4226-8413-008A723A5950} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-17] (Google Inc.) Task: {1C69EF5C-0AFA-4483-A35C-20B267988E32} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {2297571D-A134-4C81-A131-D10ACA243801} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-01-16] (ASUSTek Computer Inc.) Task: {24375097-4F27-4C91-849B-60A8E3396AC7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-20] (Microsoft Corporation) Task: {2688C268-59C0-4B16-8786-691DBEDECF75} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => F:\Programme\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {5F7F00DF-513D-49A9-86BE-7F94C75E324B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-11] (ASUS) Task: {73489A70-68AA-44DC-8B7D-F6D4F730B683} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-14] (Adobe Systems Incorporated) Task: {894A468B-D9A9-4A91-B889-DAFE39FC6D83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd) Task: {99F02D71-BD07-404C-AA90-D7AC83CDF7CB} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.) 
Task: {A0352944-FC71-428A-8FFB-B242D67AE92C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] () Task: {A1A8E18A-6E52-4733-B0B0-48D2383528AD} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.) Task: {A4CA35F5-30E1-495F-AE18-C5AC76606E6C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {C67C7C96-0365-4F82-953E-32D16813C85C} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS) Task: {C6F89040-4CF7-4E2F-B368-D762A50735CE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-02-13] (AsusTek) Task: {CE1629CF-ED16-4128-BB10-C6C286E94F67} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {E32AC5B6-8159-4147-BDC0-771E07A4D685} - System32\Tasks\Aufgaben der Ereignisanzeige\Application => C:\Windows\explorer.exe [2015-01-28] (Microsoft Corporation) Task: {E551CFC1-75CB-4562-9306-0BCFEB001F0A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-05-15] () Task: {E9221B94-B916-4138-B698-D2E053676A8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-17] (Google Inc.) 
Task: {ECD33400-A220-400E-B511-66145FB6A406} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {EF894B0D-6909-4002-9E16-2E62E10CECFC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-03-31 20:53 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-02-11 17:08 - 2014-02-11 17:08 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2014-02-11 17:08 - 2014-02-11 17:08 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll 2010-11-17 16:00 - 2010-11-17 16:00 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 15\ShellExtension.dll 2015-01-20 11:35 - 2015-01-20 11:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 11:35 - 2015-01-20 11:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-05-15 14:29 - 2015-05-15 14:29 - 00566439 _____ () C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll 2015-05-15 14:29 - 2015-05-15 14:29 - 04078962 _____ () C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll 2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2013-09-09 18:23 - 2013-09-09 18:23 - 00162816 _____ () C:\Program Files 
(x86)\ASUS\Splendid\CCTAdjust.dll 2013-10-08 20:41 - 2013-10-08 20:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-05-24 12:41 - 2014-09-28 06:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll 2014-05-24 00:10 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-06-15 23:40 - 2014-06-15 23:40 - 02124256 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll 2014-06-15 23:39 - 2014-06-15 23:39 - 07422144 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll 2014-06-15 23:39 - 2014-06-15 23:39 - 02453696 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll 2014-06-15 23:39 - 2014-06-15 23:39 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll 2014-06-15 23:39 - 2014-06-15 23:39 - 00192704 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll 2014-06-15 23:39 - 2014-06-15 23:39 - 00794816 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll 2011-09-05 19:36 - 2011-09-05 19:36 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qgif4.dll 2011-09-05 19:36 - 2011-09-05 19:36 - 00180224 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qjpeg4.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\xX2119Xx\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4255755958-1389709673-710600270-1001\Control Panel\Desktop\\Wallpaper -> F:\Bilder\Neuseeland\PANO_20150413_095833.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Version Cue CS2" HKLM\...\StartupApproved\Run32: => "SAFE15 File Redirection Starter" HKLM\...\StartupApproved\Run32: => "Steganos HotKeys" HKLM\...\StartupApproved\Run32: => "vmware-tray.exe" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "NvBackend" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "AVMUSBFernanschluss" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "SAFE15 Browser Monitor" 
HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "Amazon Cloud Player" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "Amazon Music" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "Zoner Photo Studio Service 16" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "SandboxieControl" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "CyberGhost" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{98C9B31F-4770-4478-8FF3-4191AB57D6A2}] => (Allow) C:\Users\xX2119Xx\AppData\Local\Apps\2.0\2PXGEDJP.4OC\AVNBX6YB.ZO4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{D36A06D9-C880-4C19-A6A8-A20116C2BA92}] => (Allow) C:\Users\xX2119Xx\AppData\Local\Apps\2.0\2PXGEDJP.4OC\AVNBX6YB.ZO4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{10A8C91E-CA8C-487F-BB8A-4A18E933094B}] => (Allow) C:\Users\xX2119Xx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{70BAE2A5-AC50-44CF-9756-8A58CF585FE4}] => (Allow) C:\Users\xX2119Xx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{534B7EAF-1EE0-4F12-97DE-BE45B2691ECA}] => (Allow) D:\Programme\Creative Suite 
CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe FirewallRules: [{998607A1-E1D5-40FD-B930-3E27D1FDF225}] => (Allow) D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe FirewallRules: [{0A17AD25-FE9F-4C43-ACD3-5D8BDE81BD38}] => (Allow) F:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{20F9ED0E-A844-401F-8FED-2156D1B912FE}] => (Allow) F:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{311887B7-F95E-44EF-B78E-55F0EA4D8794}] => (Allow) F:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{100C8F5C-B350-44DC-8B60-15459FDE637E}] => (Allow) F:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{1ADD2A8B-6A8A-4166-9886-D16505C6E571}] => (Allow) F:\Programme\Microsoft Office\Office15\outlook.exe FirewallRules: [TCP Query User{FD0BE14A-9922-4A3C-8C74-ABAD789D1E56}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{5B1A4925-5A41-414E-9072-93D6BED92AF9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{65E72143-3749-41F2-980A-2B3993828BE7}C:\users\xx2119xx\appdata\local\apps\2.0\2pxgedjp.4oc\avnbx6yb.zo4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe] => (Allow) C:\users\xx2119xx\appdata\local\apps\2.0\2pxgedjp.4oc\avnbx6yb.zo4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [UDP Query User{093D3CF7-D872-4EA8-8C84-1BEF25D8E0AE}C:\users\xx2119xx\appdata\local\apps\2.0\2pxgedjp.4oc\avnbx6yb.zo4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe] => (Allow) C:\users\xx2119xx\appdata\local\apps\2.0\2pxgedjp.4oc\avnbx6yb.zo4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{9AD61A7F-76A6-4C25-8886-F5438FD527BC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe 
FirewallRules: [{1599556C-D9BC-4CD1-BFDF-7C36F4EADA13}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3EE5FEBE-34EF-44CC-9C36-153F50F4459F}] => (Allow) F:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{40E401C7-A338-4F74-9037-607D2C4CDDC3}] => (Allow) F:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{7A29FB6E-CA8C-43B5-840B-BC01A6DAC91D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{F04B2EA4-6871-41EC-BE58-250B76ECE243}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{6655F2D3-E89F-4BCD-8CE4-D539BF43B487}F:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) F:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [UDP Query User{684CD05D-EAC6-46A5-ACEA-33D3E6251BC8}F:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) F:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [{780E925D-5D10-40BA-8D4D-BED337B950BE}] => (Allow) F:\SteamLibrary\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [{CBF8764A-54F8-48A2-B5AC-5A9FD82AC6A4}] => (Allow) F:\SteamLibrary\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [{AEBA8E31-5510-4ACB-930D-56C929795E82}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{F2CC7787-A6B1-4B23-A8E4-78DF9950E4A1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{0AE59F77-B1AA-4AE0-922F-3BE8D2D36CCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{E264B9FA-EB2A-4587-8D55-6875F18E49B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: 
[{0090E448-8022-4299-A006-083B6DE8F1AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1B55F157-FC1E-49BD-88E4-8E71E6D8E683}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4F2A39EE-D5E0-4BF2-A6F0-95EBF1E265DD}] => (Allow) F:\SteamLibrary\SteamApps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe FirewallRules: [{2F5E0EA3-60D5-49B8-9033-B0A47D98F135}] => (Allow) F:\SteamLibrary\SteamApps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe FirewallRules: [TCP Query User{17CD9FF2-783B-48B7-BBF5-32D31054CC0C}F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe FirewallRules: [UDP Query User{4EAAF8BA-616B-4219-A47D-1B11AD4BC661}F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe FirewallRules: [TCP Query User{EFB0AB5F-4922-4DAC-9B9F-0EDDE11896DC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{EE8B3FBD-0D82-4B71-BF20-FBDB89B98E91}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{9C4CEAC2-090B-4E5F-8A9F-20BF45388E87}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{4B2E8607-0D6F-49EB-9FE3-656792F3C06E}] => (Allow) LPort=2869 FirewallRules: [{66E3C322-5055-4FF6-9CDD-935E5F3DAF8B}] => (Allow) LPort=1900 FirewallRules: [{19766190-EA10-4617-9FFF-32B2BFC8E8A1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{BB427789-80AF-4CC2-AAF3-87EB40BEED75}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: 
[{0C640989-D22C-4B63-B5A3-32E1747C3628}] => (Allow) F:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{00AF8815-D393-4D10-8DC3-80FF40611730}] => (Allow) F:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{636E467D-E1F3-4234-BF36-D24480D62FB8}] => (Allow) F:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E2ECF340-E8E7-4892-8AA4-5513381EEC83}] => (Allow) F:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E7C632AC-2513-46F2-93E5-27239B024B05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5CAF7D78-D8E6-4154-9A07-BAA6DC78E902}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{36277075-EEAA-4D19-9FA7-4FE03A7A79C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B8857AE7-7D31-4547-B194-043BB3E9C8CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{926A62C7-9885-4D88-A4CB-C5C2F19E7843}F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Block) F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe FirewallRules: [UDP Query User{FDE00A95-3174-4CD3-A181-040FB8622C3E}F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Block) F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe FirewallRules: [{5752A242-0803-479C-BEC1-8D3435C1C053}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D47A0DFE-E4EF-4282-8A91-BE91D6F218B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{703E1E58-85EB-4C6C-81EC-BF492476B454}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{05BBDF50-97B3-4FE7-B065-5DF05095BB1B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program 
files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{9F8EBC86-AAC6-4CF9-A786-C3F96535E1A7}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [UDP Query User{88CBAC3C-3DAC-4313-AC69-E1317C044A63}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [{9BBB52A5-1307-4A68-B1FF-6648706B0D4E}] => (Allow) C:\Users\xX2119Xx\AppData\Local\Temp\nsrD45.tmp\CnetInstaller-10618974.exe FirewallRules: [{DEEF1EBF-C95A-4D92-B7E3-1BAB5A25D186}] => (Allow) C:\Users\xX2119Xx\AppData\Local\Temp\nsrD45.tmp\CnetInstaller-10618974.exe FirewallRules: [{E0C8BD7E-87BD-4A78-A7C0-0752014A82FD}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe FirewallRules: [{C90FF431-3791-42D6-A5C7-BE70FD6ADF24}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe FirewallRules: [{43735FAD-13F9-452B-A0AD-528CD5F2FC55}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll FirewallRules: [{58D155CA-7C9F-4870-BB89-5B8AACEBC654}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll FirewallRules: [{3757A1D3-4A0C-4593-B743-1B36B7AF2002}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll FirewallRules: [{0E4B3584-889B-4580-A737-DE700D663B58}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll FirewallRules: [{76CA00C2-DB44-42EC-8837-929FF49E860E}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll FirewallRules: [{6F07CD83-D56F-4CFC-BC04-91B5F826A114}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll FirewallRules: [{B1DEB901-D8DA-478C-BC6E-938ACA1FAC7B}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video 
Recorder\ApowersoftPlayer.dll FirewallRules: [{C35DD935-1447-4CF1-AD05-C085A13DBC8D}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll FirewallRules: [{882810D4-E171-4A02-B7A5-62F3D1CC68D1}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll FirewallRules: [{5C46430A-1F34-4317-ABBD-0DE98EB65A9E}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll FirewallRules: [{EAE2C52F-EEDA-4751-A045-C02A39874F83}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll FirewallRules: [{93DD6AC5-45F1-4FC8-AE38-CADAACDC4B59}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll FirewallRules: [{FD0A30E7-A735-4A92-9782-52D9483F97BF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe FirewallRules: [{0E427867-A22B-42AC-9297-9FE05032529A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe FirewallRules: [{B716BB12-D420-40B3-8F1E-BE1A994B2B83}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll FirewallRules: [{FE25E4B9-DE6C-4BBE-9C1F-52B359BFFBB8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll FirewallRules: [{9F378B4B-5676-423C-90DB-E1C1A1E2C268}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll FirewallRules: [{8CBA5CE6-F085-4C4F-A707-26D5C97D20C5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll FirewallRules: [{50DDBB00-B5D5-437A-9E68-CD080DA8B0AF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll FirewallRules: [{343493B1-0BF9-4523-80C6-6D6DB2BE0FF7}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll FirewallRules: [{D28420BD-75B6-4D68-A1D2-24B5687C31BD}] => 
(Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll FirewallRules: [{EF5D52BD-CFFD-429E-BF58-1BBD31A1E81D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll FirewallRules: [{66B46B30-DDF1-4ADB-907F-4410BF83E5D9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll FirewallRules: [{3AA3B741-A979-40A4-AA65-DE4515347E8E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll FirewallRules: [{7C424201-378B-4C54-B262-DB8D5621A5DC}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll FirewallRules: [{4BB9A1A3-DDFB-4496-A8C8-B7561308FACF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll FirewallRules: [{3DC812E5-061A-4778-9103-697941A1EEED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C1F3B01A-22E5-4A4D-B14A-697319B04452}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B44ADA35-B86E-4988-AB1D-611AFE4412B2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{40C1CCA3-F762-4A9D-8A6E-E648DA112DFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{2585C43E-4A81-41D3-8792-072DFBD4939D}C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [UDP Query User{2693CF03-BD7B-40AF-A898-44D79388CB51}C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [{57E7FBB6-8A84-4AD8-8241-3807959B6659}] => (Block) C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [{91340935-1C11-4754-815B-F19663A52696}] => (Block) C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe 
FirewallRules: [TCP Query User{9B613243-1F3E-4BDD-BDCA-76E00471EC14}F:\spiele\grand theft auto v\gta5.exe] => (Allow) F:\spiele\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{A8CCC8A6-2997-4F8C-B275-0D99181171C5}F:\spiele\grand theft auto v\gta5.exe] => (Allow) F:\spiele\grand theft auto v\gta5.exe FirewallRules: [{4A08D0C2-4D17-4A9E-8EDE-5AC236092076}] => (Block) F:\spiele\grand theft auto v\gta5.exe FirewallRules: [{1411791A-ED62-4FAA-91F7-C51AA5540E3B}] => (Block) F:\spiele\grand theft auto v\gta5.exe FirewallRules: [{27D94E9F-36BD-4460-B231-9D4A9763C71A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{795D91D2-0F2F-4CCD-A583-EF39EBE318E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C977A164-FD8B-4DA5-A87D-265DF89C1EE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B92A8F76-158C-4281-9331-354905E5E7EE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F44D3F6A-F003-4CF7-99B2-92B140989B6F}] => (Block) %ProgramFiles% (x86)\WISO\Steuersoftware 2015\wiso2015.exe FirewallRules: [{00A5D69C-B293-43FA-8997-70EAC53FDC53}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/15/2015 02:27:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.0.5606, Zeitstempel: 0x554d0f95 Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.0.5606, Zeitstempel: 0x554cfff8 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001aa1 ID des fehlerhaften Prozesses: 0x17a4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger 
Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (05/15/2015 00:39:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (05/14/2015 04:48:12 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/14/2015 09:57:15 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/13/2015 04:35:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/11/2015 09:11:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x5450355f Name des fehlerhaften Moduls: msimtf.dll_unloaded, Version: 6.3.9600.17415, Zeitstempel: 0x54503bba Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001cce ID des fehlerhaften Prozesses: 0xf4c Startzeit der fehlerhaften Anwendung: 0xwwahost.exe0 Pfad der fehlerhaften Anwendung: wwahost.exe1 Pfad des fehlerhaften Moduls: wwahost.exe2 Berichtskennung: wwahost.exe3 Vollständiger Name des fehlerhaften Pakets: wwahost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wwahost.exe5 Error: (05/10/2015 01:31:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.350.2, Zeitstempel: 0x554348e6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ff8b8741075 ID des fehlerhaften Prozesses: 0x820 Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0 Pfad der fehlerhaften Anwendung: GTA5.exe1 Pfad des fehlerhaften Moduls: GTA5.exe2 Berichtskennung: GTA5.exe3 Vollständiger Name des fehlerhaften Pakets: GTA5.exe4 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA5.exe5 Error: (05/10/2015 00:50:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.350.2, Zeitstempel: 0x554348e6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ff8b8741075 ID des fehlerhaften Prozesses: 0x1180 Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0 Pfad der fehlerhaften Anwendung: GTA5.exe1 Pfad des fehlerhaften Moduls: GTA5.exe2 Berichtskennung: GTA5.exe3 Vollständiger Name des fehlerhaften Pakets: GTA5.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA5.exe5 Error: (05/10/2015 10:57:14 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (05/10/2015 10:49:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) System errors: ============= Error: (05/15/2015 02:27:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (05/15/2015 02:27:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/15/2015 02:27:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Office 64 Source Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (05/15/2015 02:27:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CyberGhost 5 Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ZAtheros Bt and Wlan Coex Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (05/15/2015 02:27:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe38.0.0.5606554d0f95mozalloc.dll38.0.0.5606554cfff88000000300001aa117a401d08f09c1470a03C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbdcfa75e-fafd-11e4-82db-bcee7b2b66d7 Error: (05/15/2015 00:39:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: System-reserviertFalscher Parameter. (0x80070057) Error: (05/14/2015 04:48:12 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/14/2015 09:57:15 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/13/2015 04:35:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/11/2015 09:11:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wwahost.exe6.3.9600.174155450355fmsimtf.dll_unloaded6.3.9600.1741554503bbac000000500001ccef4c01d08c1e4121c971C:\Windows\syswow64\wwahost.exemsimtf.dll82612134-f811-11e4-82da-bcee7b2b66d7Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (05/10/2015 01:31:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GTA5.exe1.0.350.2554348e6unknown0.0.0.000000000c000000500007ff8b874107582001d08b0fb4ae5bcbF:\Programme\Grand Theft Auto V\GTA5.exeunknown29050995-f708-11e4-82da-bcee7b2b66d7 Error: (05/10/2015 00:50:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GTA5.exe1.0.350.2554348e6unknown0.0.0.000000000c000000500007ff8b8741075118001d08b0d6f05b69dF:\Programme\Grand Theft Auto V\GTA5.exeunknown580e64ce-f702-11e4-82da-bcee7b2b66d7 Error: (05/10/2015 10:57:14 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: System-reserviertFalscher Parameter. 
(0x80070057) Error: (05/10/2015 10:49:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: System-reserviertFalscher Parameter. (0x80070057) CodeIntegrity Errors: =================================== Date: 2015-02-24 10:26:42.727 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-21 11:23:21.168 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-14 03:31:33.176 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-13 08:34:12.727 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-12 03:56:21.803 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. 
Date: 2015-02-12 03:56:07.755 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. Date: 2015-02-10 04:22:53.598 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-08 17:13:25.562 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-01 06:39:11.432 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-01 15:05:42.139 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 70%
Total physical RAM: 3981 MB
Available physical RAM: 1187.46 MB
Total Pagefile: 10125 MB
Available Pagefile: 6895.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:34.2 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:188.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 05FAE66C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 83256085)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |